don't force roaming on iot wifi
---
# Users whose SSH public keys become root's authorized_keys on every AP
# (resolved through user_ssh_keys into /etc/dropbear/authorized_keys in
# openwrt_mixin). Root access is key-only: dropbear below has password
# authentication switched off.
ssh_users_root:
  - equinox
  - nicoo

# Per-AP radio channels, keyed by band and then by inventory_hostname
# (looked up in accesspoint_wireless_devices). Every host in the
# accesspoints group needs an entry in both bands; a missing host leaves
# the channel template undefined at render time.
accesspoint_wifi_channels:
  2.4g:
    ap0: 3
    ap1: 8
    ap2: 13
  5g:
    ap0: 36
    ap1: 48
    ap2: 40

# Wifi zones. The mapping key doubles as the UCI network name and as the
# lookup key for the zone's VLAN (net[<zone>].vlan) in
# accesspoint_network_zones_yaml; each zone becomes one bridge interface
# plus one wifi-iface per entry of accesspoint_wireless_types.
# PSKs are referenced from the vault only — never inlined here.
# extra_options are copied verbatim into every generated wifi-iface of
# that zone. The iot zone deliberately has none, so IoT clients are not
# pushed to roam (no disassoc_low_ack / rsn_preauth).
accesspoint_zones:
  iot:
    ssid: "realstuff"
    encryption: "psk2"
    key: "{{ vault_accesspoint_zones.iot.key }}"
  guests:
    ssid: "realraum"
    encryption: "psk2"
    key: "{{ vault_accesspoint_zones.guests.key }}"
    # NOTE(review): the generated wifi-ifaces carry no client-isolation
    # option, so guest clients can reach each other at L2 unless the
    # guests VLAN enforces that elsewhere — confirm this is the intended
    # policy for an untrusted SSID.
    extra_options:
      disassoc_low_ack: '1'
      rsn_preauth: '1'
  # members:
  #   ssid: "r3members"
  #   encryption: "psk2"
  #   key: "{{ vault_accesspoint_zones.members.key }}"
  #   extra_options:
  #     disassoc_low_ack: '1'
  #     rsn_preauth: '1'



# Upstream trunk port; every mgmt/zone bridge is a VLAN sub-interface
# of it ("<iface>.<vlan>").
accesspoint_wired_interface: eth0
# sysfs device paths used to pin the radio5g / radio2g4 wifi-device
# sections to a physical radio (UCI 'path' option), keyed by band.
accesspoint_wireless_device_paths:
  2.4g: "platform/qca956x_wmac"
  5g: "pci0000:00/0000:00:00.0"

# UCI network sections common to every AP; openwrt_uci.network appends
# the generated per-zone bridges to this list.
accesspoint_network_base:
  # Deterministic per-host IPv6 ULA prefix: all three random() calls are
  # seeded with inventory_hostname, so the prefix is stable across runs
  # but differs between APs.
  - name: globals 'globals'
    options:
      ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"

  - name: interface 'loopback'
    options:
      ifname: lo
      proto: static
      ipaddr: 127.0.0.1
      netmask: 255.0.0.0

  # The trunk port itself stays unaddressed (proto none) and does not
  # accept router advertisements; traffic lives on the VLAN
  # sub-interfaces.
  - name: interface 'raw'
    options:
      ifname: "{{ accesspoint_wired_interface }}"
      proto: none
      accept_ra: 0

  # Management bridge on the mgmt VLAN. The address is derived from this
  # host's position in the accesspoints group, so reordering or removing
  # a host in the inventory renumbers the remaining APs. Static config
  # only: accept_ra 0 keeps RA-learned state off the mgmt bridge.
  - name: interface 'mgmt'
    options:
      type: bridge
      ifname: "{{ accesspoint_wired_interface }}.{{ net.mgmt.vlan }}"
      accept_ra: 0
      proto: static
      ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"
      netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
      gateway: "{{ net.mgmt.gw }}"
      dns: "{{ net.mgmt.dns | join(' ') }}"
      dns_search: realraum.at

# One bridge interface per zone, produced by rendering the Jinja block
# below and parsing the result with from_yaml. Zones carry no L3
# configuration on the AP (proto none, no RA): they are pure
# VLAN-to-wifi bridges, named after the zone key.
accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
accesspoint_network_zones_yaml: |
  {% for item in accesspoint_zones.keys() %}
  - name: interface "{{ item }}"
    options:
      type: bridge
      ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
      accept_ra: 0
      proto: none
  {% endfor %}


# UCI wifi-device sections, one per radio. The section names radio5g /
# radio2g4 must match 'radio{{ item.freq }}' in the wifi-iface template
# below. Channel comes from the per-host table above; 'path' pins each
# section to a physical radio by its sysfs path; country sets the
# regulatory domain.
accesspoint_wireless_devices:
  - name: wifi-device 'radio5g'
    options:
      type: 'mac80211'
      channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
      hwmode: '11a'
      country: AT
      path: "{{ accesspoint_wireless_device_paths['5g'] }}"
      htmode: 'VHT80'

  - name: wifi-device 'radio2g4'
    options:
      type: 'mac80211'
      channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
      hwmode: '11g'
      country: AT
      path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
      htmode: 'HT20'


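## TODO: set up 802.11r see:
##        * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
##        * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
# UCI wifi-iface sections: one per (zone, type) pair, rendered from the
# Jinja block below and parsed back with from_yaml.
accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
# Each zone is broadcast four times: a band-specific SSID on each radio
# ("<ssid>2.4" on radio2g4, "<ssid>5" on radio5g) plus the plain SSID on
# both radios. 'name' suffixes the UCI section name, 'ssid' suffixes the
# broadcast SSID, 'freq' selects the radio (radio2g4 / radio5g).
# The ssid suffixes are quoted on purpose: plain 2.4 and 5 are a YAML
# float and int and only rendered as the intended text by accident.
accesspoint_wireless_types:
  - { name: only, ssid: '2.4', freq: 2g4 }
  - { name: only, ssid: '5', freq: 5g }
  - { name: '', ssid: '', freq: 2g4 }
  - { name: '', ssid: '', freq: 5g }
# Rendered as YAML text with every value wrapped in single quotes and no
# escaping: a PSK or extra_options value containing a single quote would
# break the from_yaml parse above. extra_options of the zone are emitted
# as-is into each of its wifi-iface sections.
accesspoint_wireless_ifaces_yaml: |
  {% for zone in accesspoint_zones.keys() %}
  {%   for item in accesspoint_wireless_types %}
  - name: wifi-iface '{{ zone }}{{ item.freq }}{{ item.name }}'
    options:
      device: 'radio{{ item.freq }}'
      network: '{{ zone }}'
      mode: 'ap'
      ssid: '{{ accesspoint_zones[zone].ssid }}{{ item.ssid }}'
      encryption: '{{ accesspoint_zones[zone].encryption }}'
      key: '{{ accesspoint_zones[zone].key }}'
  {%     for opt, val in (accesspoint_zones[zone].extra_options | default({}) ).items() %}
      {{ opt }}: '{{ val }}'
  {%     endfor %}
  {%   endfor %}
  {% endfor %}


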
# Firmware build parameters for these APs (presumably consumed by the
# openwrt role; the role itself is not in this file). Version and
# profile strings are quoted so no YAML parser can retype them.
# NOTE(review): 18.06.1 is an old release line — confirm it still
# receives security fixes for this hardware before the next rebuild.
openwrt_variant: 'openwrt'
openwrt_release: '18.06.1'
openwrt_arch: 'ar71xx'
openwrt_target: 'generic'
openwrt_profile: 'ubnt-unifiac-lite'
openwrt_output_image_suffixes:
  - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"

# Extra files shipped to the AP, keyed by target path: either inline
# 'content' or a source 'file' from the shared files directory.
openwrt_mixin:
  # Hardening: the AP is a pure L2 bridge, so IPv4 and IPv6 forwarding
  # are disabled outright. The '#' lines inside the block scalar are
  # comments in the target sysctl.conf, not YAML comments.
  /etc/sysctl.conf:
    content: |
      # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
      #
      # disable IP forwarding, we don't need it since we are
      # only an AP that bridges VLANs to Wifi SSIDs
      net.ipv4.conf.default.forwarding=0
      net.ipv4.conf.all.forwarding=0
      net.ipv4.ip_forward=0
      net.ipv6.conf.default.forwarding=0
      net.ipv6.conf.all.forwarding=0

  # Root's SSH keys, one per line, resolved from ssh_users_root. The \n
  # escapes are expanded by YAML (double-quoted scalar) before Jinja
  # sees the expression.
  /etc/dropbear/authorized_keys:
    content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"

  /etc/htoprc:
    file: "{{ global_files_dir }}/common/htoprc"


# UCI configuration applied to the AP, keyed by UCI config file
# (system, dropbear, network, wireless).
openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ inventory_hostname }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        # NOTE(review): ttylogin '0' means no login prompt on the local
        # serial console — confirm that is acceptable for where the APs
        # are physically mounted.
        ttylogin: '0'
        log_size: '64'
        urandom_seed: '0'

    # NTP client only (enable_server '0'): the AP does not serve time.
    - name: timeserver 'ntp'
      options:
        enabled: '1'
        enable_server: '0'
        server:
          - '0.lede.pool.ntp.org'
          - '1.lede.pool.ntp.org'
          - '2.lede.pool.ntp.org'
          - '3.lede.pool.ntp.org'

  # SSH daemon: key-based root login only (keys come from
  # /etc/dropbear/authorized_keys in openwrt_mixin), on a non-default
  # port.
  dropbear:
    - name: dropbear
      options:
        PasswordAuth: 'off'
        RootPasswordAuth: 'off'
        Port: '22000'

  # Static base sections followed by the generated per-zone bridges and
  # wifi-ifaces.
  network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
  wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"